Apple's Find My iPhone login page was discovered to have been vulnerable to so-called "brute force" hacks. Hackers are usually locked out of sites if they try to gain access using multiple passwords, but it was discovered that the Find My iPhone API allows users to repeatedly try different passwords. Security researcher Alexey Troshichev revealed that it's possible to combine this exploit with a list of common passwords in order to make a tool that can gain access to iCloud accounts.

So was Apple's Find My iPhone vulnerability to blame for the iCloud hack? The speech that outlined the vulnerability took place at the Def Con conference in Russia on Aug. 30, leaving potential hackers only a small period of time to exploit the vulnerability, unless they were already aware of the brute force exploit. Evidence suggests that the leaked celebrity photos were gathered over a period of weeks, or even years, instead of a quick one-day attack, meaning that there may be a completely different vulnerability in iCloud that has yet to be discovered.

Popular from BI Prime

Close iconTwo crossed lines that form an 'X'. It indicates a way to close an interaction, or dismiss a notification.Check mark iconA check mark. It indicates a confirmation of your intended interaction.